Hey,
I need a little help. I configured the security event log to automatically back up and clear itself when it's full, so .evtx files starting with the word Archive are being created in the log folder.
I created a script which I want to run on a weekly basis to extract particular events related to deletion of files, save them in an XML file and then delete those .evtx files.
However, when I run the script it gives an error that the .evtx files can't be deleted because they are being used by another process. Is there any way around this? You can find my script below:
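```powershell
# Archived Security logs created by the automatic backup setting
$loc = Get-ChildItem "D:\Logs\archive*"

# Event 4659: a handle to an object was requested with intent to delete.
# Temporary files (~$ lock files and .tmp) are excluded from the export.
Get-WinEvent -FilterHashtable @{ Path = $loc; ID = 4659 } |
    Select-Object -Property TimeCreated,
        @{ n = "AccountName"; e = { ($_.Message.Split("`n"))[4].Substring(16) } },
        @{ n = "ObjectName";  e = { ($_.Message.Split("`n"))[11].Substring(14) } } |
    Where-Object { $_.ObjectName -notlike '*~$*' -and $_.ObjectName -notlike '*.tmp*' } |
    Export-Clixml -Path "D:\Logs\$(((Get-Date).AddDays(-1).ToShortDateString()).Replace("/","-")).xml"

Remove-Item -Path $loc
```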
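
An added example, not part of the original post: the script above takes the account and object name from fixed line positions in the rendered message, and the same values can also be read by field name from the event's XML. The helper name `ConvertFrom-DeleteEventXml` and the sample event are constructed for illustration; `SubjectUserName` and `ObjectName` are the event 4659 data field names.

```powershell
# Constructed sample of what $event.ToXml() returns for a 4659 event (values are made up).
$sampleXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4659</EventID>
    <TimeCreated SystemTime="2020-01-01T10:15:00.000Z" />
  </System>
  <EventData>
    <Data Name="SubjectUserName">jdoe</Data>
    <Data Name="SubjectDomainName">EXAMPLE</Data>
    <Data Name="ObjectName">D:\Share\report.docx</Data>
  </EventData>
</Event>
'@

# Hypothetical helper: turn one event's XML into the columns the script exports.
function ConvertFrom-DeleteEventXml {
    param([Parameter(Mandatory)][string]$EventXml)

    $doc = [xml]$EventXml

    # Index every <Data Name="..."> element by its Name attribute, so a field
    # is found by name even if the message layout or language changes.
    $fields = @{}
    foreach ($d in $doc.Event.EventData.Data) {
        $fields[$d.GetAttribute('Name')] = $d.InnerText
    }

    [pscustomobject]@{
        TimeCreated = $doc.Event.System.TimeCreated.SystemTime   # UTC timestamp string
        AccountName = $fields['SubjectUserName']
        ObjectName  = $fields['ObjectName']
    }
}

# Run against the constructed sample.
ConvertFrom-DeleteEventXml -EventXml $sampleXml |
    Where-Object { $_.ObjectName -notlike '*~$*' -and $_.ObjectName -notlike '*.tmp*' }

# With real events the helper is fed from ToXml():
#   Get-WinEvent -FilterHashtable @{ Path = $loc; ID = 4659 } |
#       ForEach-Object { ConvertFrom-DeleteEventXml -EventXml $_.ToXml() }
```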